What is Tor?
Tor is a network that allows users to surf the Internet anonymously. More than 2 million people worldwide use Tor.
When using the Tor browser, internet data is routed through several servers, or so-called “nodes,” before it reaches its destination. Each node knows only the previous and next node but not the entire history, making it impossible to determine a user’s identity or location.
Because this information is no longer recognizable, this area of the Internet is also known as the dark web.
The browser doesn’t use conventional websites but so-called “onion pages” that users can only access through the Tor browser.
Why is it so important, especially in authoritarian countries
Such a system is particularly important for people in countries like China, Russia or Iran, where governments have installed Internet censors or surveillance.
The Tor network allows people in these countries to freely communicate on the Internet without fear of government surveillance systems recognizing them. This also allows journalists, activists and whistleblowers to protect their sources and exchange information securely.
Additionally, Tor browsers can access websites like Deutsche Welle’s from countries where they are banned. DW has made its website accessible to Tor to allow users to circumvent Internet censors and access DW content.
Why are criminal investigators interested in Tor?
That authoritarian states want to control the internet as completely as possible is obvious. However, even in democratic countries, investigators want to monitor what is distributed on the dark web through the Tor network. This is because of the wide-ranging content on weapons and drugs and for pedophiles that appear on the dark web.
Until now, the dark web has been a protected space for operators like Tor. However, it has recently become known that Germany’s Federal Criminal Police Office tracked down an operator of the pedophile platform Boystown on the dark web in 2021.
“These investigators have succeeded in something previously considered practically impossible,” German journalist Daniel Mossbrucker told DW.
Mossbrucker, a reporter for German public broadcaster ARD, uncovered the story with his colleagues.
How did the investigators manage that?
The investigators used so-called timing analyses, which involve recording the size of a sent file and tracking it via the various nodes to the recipient’s IP address. Although this is extremely time-consuming, it was successful in this documented case.
“This requires intensive monitoring of relevant parts of the Tor network, which is why timing analyses can presumably only be carried out by government agents,” Mossbrucker explained.
Is it still safe to use Tor?
Matthias Marx from the Chaos Computer Club, an association of hackers in Europe, sees “no evidence that there is a risk of deanonymization for pure users of the Tor browser.”
Marx had access to secret documents that showed how police could deanonymize the perpetrator through the Tor network. According to his findings, the successful attempts to track down users’ identities to date relate to so-called onion services and messengers that use this functionality.
“Much effort is involved and apparently only successful in a few cases, not in general,” Marx told DW.
Mossbrucker also sees no reason to panic. “The Tor browser is still a very secure means of communication.”
Both experts agree that state surveillance agencies can hardly identify anyone who simply surfs the Internet with the Tor browser – for instance, to access DW’s websites. However, they also call on the Tor project to improve anonymity protection.
Are whistleblowers more likely to be affected?
This seems to be the main issue. In the wake of Edward Snowden’s revelations about the spying activities of the US Secret Service, many media outlets set up digital mailboxes where whistleblowers could store confidential information securely and anonymously. These were usually very large files.
“With whistleblowing platforms, there is usually little going on until a source decides to submit data. This is a scenario in which timing analyses generally work better than elsewhere,” said Mossbrucker.
He advised using a VPN in addition to Tor, a network connection that cannot be viewed from the outside.
What does Tor say about the reports?
The non-profit Tor Project insists that communication within the network remains anonymous.
“The onion eliminates the issue of exit surveillance or tampering because the communication stays within the tor network,” it said in a statement.
“Onion services provide end-to-end encryption. This means the communication between the client and the onion service is encrypted across all nodes. Both the client and the onion service maintain anonymity.”
However, Mossbrucker’s and Marx’s research teams have shown that this is no longer true in this absolute sense.
This article was originally published in German.